NAME
Crypt::Passphrase::Pepper::Simple - A pepper-wrapper for Crypt::Passphrase
VERSION
version 0.019
SYNOPSIS
my $passphrase = Crypt::Passphrase->new(
encoder => {
module => 'Pepper::Simple',
inner => 'Bcrypt',
peppers => {
1 => pack('H*', '0123456789ABCDEF...'),
2 => pack('H*', 'FEDCBA9876543210...'),
},
},
);DESCRIPTION
This module wraps another encoder to pepper the input to the hash. By using identifiers for the peppers, it allows for easy rotation of peppers. Much like password their function relies entirely on their secrecy, and they should be treated similarly.
It will be able to validate both peppered and unpeppered hashes.
CONFIGURATION
It takes the following configuration arguments:
inner
This contains an encoder specification identical to the
encoderfield ofCrypt::Passphrase.It is mandatory.peppers
This is a map of identifier to pepper value. The identifiers should be (probably small) numbers, the values should be random binary strings that are long enough to not be brute-forcable (the output size of the hash is a good choice). This is mandatory.
active
This is the active pepper. It must be one of the keys in
peppers, and by default it will be the key highest (numerical) value.algorithm
This is the algorithm that's used for peppering. Supported values are
'sha1-hmac','sha224-hmac','sha256-hmac','sha384-hmac', and'sha512-hmac'(the default).
Supported types
The supported peppered types are a the inner encoders types cross joined with the algorithms with "-pepper-" (e.g. "argon2id-pepper-sha512-hmac"), as well as the underlaying types themselves (e.g. "argon2id".
AUTHOR
Leon Timmermans <fawaka@gmail.com>
COPYRIGHT AND LICENSE
This software is copyright (c) 2021 by Leon Timmermans.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.